meta data for this page
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
vm:proxmox:lxc [2020/05/02 20:52] niziak created |
vm:proxmox:lxc [2021/02/22 08:18] (current) niziak |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LXC ====== | ====== LXC ====== | ||
| - | ===== docker inside unprivileged LXC ===== | + | ===== rename CT ===== |
| - | + | <code bash>pct set <VMID> --hostname <newname></code> | |
| - | Docker is recommended to be used inside VM. | + | |
| - | + | ||
| - | From documentation: [[https://pve.proxmox.com/wiki/Linux_Container#pct_configuration]] | + | |
| - | + | ||
| - | * edit LXC container config | + | |
| - | <file | /etc/pve/local/lxc/<contained_id>.conf> | + | |
| - | features: keyctl=1,nesting=1 | + | |
| - | </file> | + | |
| - | * stop/start LXC container | + | |
| - | * <code bash>docker run hello-world</code> | + | |
| - | + | ||
| - | ==== issue ==== | + | |
| + | ===== update CT templates ===== | ||
| <code bash> | <code bash> | ||
| - | docker info | + | # pveam - Proxmox VE Appliance Manager |
| - | ... | + | pveam update |
| - | Server Version: 19.03.8 | + | |
| - | Storage Driver: vfs | + | |
| - | ... | + | |
| </code> | </code> | ||
| - | When restarted in privileged container: | ||
| - | <code bash> | ||
| - | docker info | ||
| - | ... | ||
| - | Storage Driver: aufs | ||
| - | Root Dir: /var/lib/docker/aufs | ||
| - | Backing Filesystem: zfs | ||
| - | Dirs: 0 | ||
| - | Dirperm1 Supported: true | ||
| - | ... | ||
| - | </code> | ||
| - | Solution: | + | ===== Shrink container disc ===== |
| - | <code bash> | + | |
| - | cp /etc/apparmor.d/lxc/lxc-default-with-nesting /etc/apparmor.d/lxc/lxc-default-with-nesting-docker | + | |
| - | </code> | + | |
| - | + | ||
| - | Edit new file and update ''profile'' name and add some mount permissions: | + | |
| - | + | ||
| - | <file|/etc/apparmor.d/lxc/lxc-default-with-nesting-docker> | + | |
| - | # Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which | + | |
| - | # will source all profiles under /etc/apparmor.d/lxc | + | |
| - | + | ||
| - | profile lxc-container-default-with-nesting-docker flags=(attach_disconnected,mediate_deleted) { | + | |
| - | #include <abstractions/lxc/container-base> | + | |
| - | #include <abstractions/lxc/start-container> | + | |
| - | + | ||
| - | deny /dev/.lxc/proc/** rw, | + | |
| - | deny /dev/.lxc/sys/** rw, | + | |
| - | mount fstype=proc -> /var/cache/lxc/**, | + | |
| - | mount fstype=sysfs -> /var/cache/lxc/**, | + | |
| - | mount options=(rw,bind), | + | |
| - | mount fstype=cgroup -> /sys/fs/cgroup/**, | + | |
| - | mount fstype=cgroup2 -> /sys/fs/cgroup/**, | + | |
| - | mount fstype=aufs, | + | |
| - | mount fstype=overlay, | + | |
| - | } | + | |
| - | </code> | + | |
| - | <code bash>systemctl reload apparmor</code> | + | It is not supported. Command <code bash>pct resize <VMID> rootfs <newsize></code> cannot be used. |
| - | Edit ''/etc/pve/lxc/${container_id}.conf'' and append this line: | + | Workaround 1: |
| - | <file | /etc/pve/lxc/${container_id}.conf > | + | * Stop container |
| - | lxc.apparmor.profile: lxc-container-default-with-nesting-docker | + | * Edit ''<vmid>conf'' and set new disk size |
| - | <file> | + | * Perform backup |
| + | * Restore LXC from backup | ||
| + | Workaround 2: | ||
| + | * Change ZFS volume size <code bash>zfs set refquota=8G rpool/data/subvol-810-disk-0</code> | ||
| + | * Adjust LXC config: | ||
| + | * Edit ''<vmid>conf'' and set new disk size, **OR** | ||
| + | * ''pct rescan'' | ||